FBI’s 2025 Internet Crime Report
The 2025 Internet Crime Report was published a few weeks ago, but I only just saw it. Press release.
Transportation
20 articles
The LA Metro Attack Wasn’t Hacktivism. It Was a State Operation With a Costume On.
Iran’s “hacktivist” group Ababil of Minab, which hit LA Metro and wiped terabytes of data, is forensically linked to Iran’s intelligence service MOIS.
Iranian intelligence service behind hack of LA transit system, researchers say
The hacking group claimed to be a standalone hacktivist crew but actually has ties to the Ministry of Intelligence of the Islamic Republic of Iran (MOIS), re...
Iranian threat group targets US aviation sector with AI-assisted ‘MiniFast’ backdoor
Career-themed phishing lures targeted employees of US domestic airlines during Operation Epic Fury.
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are d...
Iranian-backed hackers linked to Los Angeles transit system breach
The hacktivist group Ababil of Minab initially claimed responsibility for the breach, stating they had stolen and subsequently deleted data from the Los Ange...
Cybercriminals increasingly use AI for deepfake-based KYC bypass, report finds
New research from Flashpoint highlights a significant trend where threat actors are not focused on developing novel AI tools but rather on refining existing ...
Welcoming the AWS Customer Incident Response Team
May 26, 2026: This post was originally published in July 2022. It has been updated to reflect current engagement options, new threat intelligence resources s...
How Varonis Atlas integrates Claude Compliance API for AI governance
AI governance requires visibility into how AI tools interact with enterprise data. Varonis explains how its Atlas platform uses Claude Compliance API data to...
Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)
A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company con...
EU Regulators Prepare Landmark Fine Against Google Under Digital Markets Act
The European Union is preparing to issue a landmark penalty against Google under its Digital Markets Act (DMA), marking a significant escalation in regulator...
ABB Ability Camera Connect
View CSAF Summary ABB is aware of public reports of vulnerabilities in a 3rd party component VLC media player Version 2.2.
ABB AbilityTM Zenon Remote Transport Vulnerability
View CSAF Summary ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. The vulnerability enables unauthorized access t...
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without r...
Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign
Iran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning
Apache CXF Flaw Exposes Systems to LDAP Injection Attacks
Apache CXF users are facing a significant security risk following the disclosure of a new vulnerability that exposes systems to LDAP injection attacks, poten...
PuTTY 0.84 Update Patches SSH Key Exchange Crash Issues and Telnet Prompt Spoofing Flaw
PuTTY 0.84 has been released with three minor security fixes that address issues that could allow remote attackers to crash the client or trick users during ...
Vulnerabilities have become cyber attackers’ No. 1 door to the enterprise
Patching practices are coming under intense pressure of late, as time-to-exploit windows accelerate — a new reality likely to worsen as AI assistance in atta...
Security experts caution MFA alone can no longer stop threat actors
Cybersecurity experts are warning enterprise admins about an increasing number of phishing campaigns aimed at stealing Microsoft 365 (M365) access tokens to ...
340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks
A hacker is selling a 340M-strong OnlyFans-linked dataset built by correlating old breaches and public data, not by hacking OnlyFans directly. A threat actor...